[svn] dirmngr - r329 - trunk/src
svn author wk
cvs at cvs.gnupg.org
Wed Nov 4 11:32:21 CET 2009
Author: wk
Date: 2009-11-04 11:32:21 +0100 (Wed, 04 Nov 2009)
New Revision: 329
Modified:
trunk/src/ChangeLog
trunk/src/server.c
Log:
Provide help for all server commands.
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2009-11-02 17:34:41 UTC (rev 328)
+++ trunk/src/ChangeLog 2009-11-04 10:32:21 UTC (rev 329)
@@ -1,3 +1,8 @@
+2009-11-04 Werner Koch <wk at g10code.com>
+
+ * server.c (register_commands): Add help arg to
+ assuan_register_command. Change all command comments to strings.
+
2009-11-02 Marcus Brinkmann <marcus at g10code.de>
* server.c (reset_notify): Take LINE argument, return gpg_error_t.
Modified: trunk/src/server.c
===================================================================
--- trunk/src/server.c 2009-11-02 17:34:41 UTC (rev 328)
+++ trunk/src/server.c 2009-11-04 10:32:21 UTC (rev 329)
@@ -1,6 +1,6 @@
/* dirmngr.c - LDAP access
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2005, 2007, 2008 g10 Code GmbH
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009 g10 Code GmbH
*
* This file is part of DirMngr.
*
@@ -437,7 +437,11 @@
return 0;
}
-
+static const char hlp_ldapserver[] =
+ "LDAPSERVER <data>\n"
+ "\n"
+ "Add a new LDAP server to the list of configured LDAP servers.\n"
+ "DATA is in the same format as expected in the configure file.";
static gpg_error_t
cmd_ldapserver (assuan_context_t ctx, char *line)
{
@@ -462,30 +466,29 @@
}
-/* ISVALID [--only-ocsp] [--force-default-responder]
- <certificate_id>|<certificate_fpr>
-
- This command checks whether the certificate identified by the
- certificate_id is valid. This is done by consulting CRLs or
- whatever has been configured. Note, that the returned error codes
- are from gpg-error.h. The command may callback using the inquire
- function. See the manual for details.
-
- The CERTIFICATE_ID is a hex encoded string consisting of two parts,
- delimited by a single dot. The first part is the SHA-1 hash of the
- issuer name and the second part the serial number.
-
- Alternatively the certificate's fingerprint may be given in which
- case an OCSP request is done before consulting the CRL.
-
- If the option --only-ocsp is given, no fallback to a CRL check will
- be used.
-
- If the option --force-default-responder is given, only the default
- OCSP responder will be used and any other methods of obtaining an
- OCSP responder URL won't be used.
- */
-
+static const char hlp_isvalid[] =
+ "ISVALID [--only-ocsp] [--force-default-responder]"
+ " <certificate_id>|<certificate_fpr>\n"
+ "\n"
+ "This command checks whether the certificate identified by the\n"
+ "certificate_id is valid. This is done by consulting CRLs or\n"
+ "whatever has been configured. Note, that the returned error codes\n"
+ "are from gpg-error.h. The command may callback using the inquire\n"
+ "function. See the manual for details.\n"
+ "\n"
+ "The CERTIFICATE_ID is a hex encoded string consisting of two parts,\n"
+ "delimited by a single dot. The first part is the SHA-1 hash of the\n"
+ "issuer name and the second part the serial number.\n"
+ "\n"
+ "Alternatively the certificate's fingerprint may be given in which\n"
+ "case an OCSP request is done before consulting the CRL.\n"
+ "\n"
+ "If the option --only-ocsp is given, no fallback to a CRL check will\n"
+ "be used.\n"
+ "\n"
+ "If the option --force-default-responder is given, only the default\n"
+ "OCSP responder will be used and any other methods of obtaining an\n"
+ "OCSP responder URL won't be used.";
static gpg_error_t
cmd_isvalid (assuan_context_t ctx, char *line)
{
@@ -615,26 +618,26 @@
-/* CHECKCRL [<fingerprint>]
-
- Check whether the certificate with FINGERPRINT (SHA-1 hash of the
- entire X.509 certificate blob) is valid or not by consulting the
- CRL responsible for this certificate. If the fingerprint has not
- been given or the certificate is not known, the function
- inquires the certificate using an
-
- INQUIRE TARGETCERT
-
- and the caller is expected to return the certificate for the
- request (which should match FINGERPRINT) as a binary blob.
- Processing then takes place without further interaction; in
- particular dirmngr tries to locate other required certificate by
- its own mechanism which includes a local certificate store as well
- as a list of trusted root certificates.
-
- The return value is the usual gpg-error code or 0 for ducesss;
- i.e. the certificate validity has been confirmed by a valid CRL.
-*/
+static const char hlp_checkcrl[] =
+ "CHECKCRL [<fingerprint>]\n"
+ "\n"
+ "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
+ "entire X.509 certificate blob) is valid or not by consulting the\n"
+ "CRL responsible for this certificate. If the fingerprint has not\n"
+ "been given or the certificate is not known, the function \n"
+ "inquires the certificate using an\n"
+ "\n"
+ " INQUIRE TARGETCERT\n"
+ "\n"
+ "and the caller is expected to return the certificate for the\n"
+ "request (which should match FINGERPRINT) as a binary blob.\n"
+ "Processing then takes place without further interaction; in\n"
+ "particular dirmngr tries to locate other required certificate by\n"
+ "its own mechanism which includes a local certificate store as well\n"
+ "as a list of trusted root certificates.\n"
+ "\n"
+ "The return value is the usual gpg-error code or 0 for ducesss;\n"
+ "i.e. the certificate validity has been confirmed by a valid CRL.";
static gpg_error_t
cmd_checkcrl (assuan_context_t ctx, char *line)
{
@@ -692,33 +695,33 @@
}
-/* CHECKOCSP [--force-default-responder] [<fingerprint>]
-
- Check whether the certificate with FINGERPRINT (SHA-1 hash of the
- entire X.509 certificate blob) is valid or not by asking an OCSP
- responder responsible for this certificate. The optional
- fingerprint may be used for a quick check in case an OCSP check has
- been done for this certificate recently (we always cache OCSP
- responses for a couple of minutes). If the fingerprint has not been
- given or there is no cached result, the function inquires the
- certificate using an
-
- INQUIRE TARGETCERT
-
- and the caller is expected to return the certificate for the
- request (which should match FINGERPRINT) as a binary blob.
- Processing then takes place without further interaction; in
- particular dirmngr tries to locate other required certificates by
- its own mechanism which includes a local certificate store as well
- as a list of trusted root certifciates.
-
- If the option --force-default-responder is given, only the default
- OCSP responder will be used and any other methods of obtaining an
- OCSP responder URL won't be used.
-
- The return value is the usual gpg-error code or 0 for ducesss;
- i.e. the certificate validity has been confirmed by a valid CRL.
-*/
+static const char hlp_checkocsp[] =
+ "CHECKOCSP [--force-default-responder] [<fingerprint>]\n"
+ "\n"
+ "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
+ "entire X.509 certificate blob) is valid or not by asking an OCSP\n"
+ "responder responsible for this certificate. The optional\n"
+ "fingerprint may be used for a quick check in case an OCSP check has\n"
+ "been done for this certificate recently (we always cache OCSP\n"
+ "responses for a couple of minutes). If the fingerprint has not been\n"
+ "given or there is no cached result, the function inquires the\n"
+ "certificate using an\n"
+ "\n"
+ " INQUIRE TARGETCERT\n"
+ "\n"
+ "and the caller is expected to return the certificate for the\n"
+ "request (which should match FINGERPRINT) as a binary blob.\n"
+ "Processing then takes place without further interaction; in\n"
+ "particular dirmngr tries to locate other required certificates by\n"
+ "its own mechanism which includes a local certificate store as well\n"
+ "as a list of trusted root certifciates.\n"
+ "\n"
+ "If the option --force-default-responder is given, only the default\n"
+ "OCSP responder will be used and any other methods of obtaining an\n"
+ "OCSP responder URL won't be used.\n"
+ "\n"
+ "The return value is the usual gpg-error code or 0 for ducesss;\n"
+ "i.e. the certificate validity has been confirmed by a valid CRL.";
static gpg_error_t
cmd_checkocsp (assuan_context_t ctx, char *line)
{
@@ -1024,27 +1027,25 @@
}
-/* LOOKUP [--url] [--single] [--cache-only] <pattern>
-
- Lookup certificates matching PATTERN. With --url the pattern is
- expected to be one URL.
-
- If --url is not given: To allow for multiple
- patterns (which are ORed) quoting is required: Spaces are to be
- translated into "+" or into "%20"; obviously this requires that the
- usual escape quoting rules are applied.
-
- If --url is given no special escaping is required because URLs are
- already escaped this way.
-
- if --single is given the first and only the first match will be
- returned. If --cache-only is _not_ given, no local query will be
- done.
-
- if --cache-only is given no external lookup is done so that only
- certificates from the cache may get returned.
-*/
-
+static const char hlp_lookup[] =
+ "LOOKUP [--url] [--single] [--cache-only] <pattern>\n"
+ "\n"
+ "Lookup certificates matching PATTERN. With --url the pattern is\n"
+ "expected to be one URL.\n"
+ "\n"
+ "If --url is not given: To allow for multiple patterns (which are ORed)\n"
+ "quoting is required: Spaces are translated to \"+\" or \"%20\";\n"
+ "obviously this requires that the usual escape quoting rules are applied.\n"
+ "\n"
+ "If --url is given no special escaping is required because URLs are\n"
+ "already escaped this way.\n"
+ "\n"
+ "If --single is given the first and only the first match will be\n"
+ "returned. If --cache-only is _not_ given, no local query will be\n"
+ "done.\n"
+ "\n"
+ "If --cache-only is given no external lookup is done so that only\n"
+ "certificates from the cache may get returned.";
static gpg_error_t
cmd_lookup (assuan_context_t ctx, char *line)
{
@@ -1072,18 +1073,18 @@
}
-/* LOADCRL [--url] <filename|url>
-
- Load the CRL in the file with name FILENAME into our cache. Note
- that FILENAME should be given with an absolute path because
- Dirmngrs cwd is not known. With --url the CRL is directly loaded
- from the given URL.
-
- This command is usually used by gpgsm using the invocation "gpgsm
- --call-dirmngr loadcrl <filename>". A direct invocation of Dirmngr
- is not useful because gpgsm might need to callback gpgsm to ask for
- the CA's certificate. */
-
+static const char hlp_loadcrl[] =
+ "LOADCRL [--url] <filename|url>\n"
+ "\n"
+ "Load the CRL in the file with name FILENAME into our cache. Note\n"
+ "that FILENAME should be given with an absolute path because\n"
+ "Dirmngrs cwd is not known. With --url the CRL is directly loaded\n"
+ "from the given URL.\n"
+ "\n"
+ "This command is usually used by gpgsm using the invocation \"gpgsm\n"
+ "--call-dirmngr loadcrl <filename>\". A direct invocation of Dirmngr\n"
+ "is not useful because gpgsm might need to callback gpgsm to ask for\n"
+ "the CA's certificate.";
static gpg_error_t
cmd_loadcrl (assuan_context_t ctx, char *line)
{
@@ -1131,14 +1132,13 @@
}
-/* LISTCRLS
-
- List the content of all CRLs in a readable format. This command is
- usually used by gpgsm using the invocation "gpgsm --call-dirmngr
- listcrls". It may also be used directly using "dirmngr
- --list-crls".
-*/
-
+static const char hlp_listcrls[] =
+ "LISTCRLS\n"
+ "\n"
+ "List the content of all CRLs in a readable format. This command is\n"
+ "usually used by gpgsm using the invocation \"gpgsm --call-dirmngr\n"
+ "listcrls\". It may also be used directly using \"dirmngr\n"
+ "--list-crls\".";
static gpg_error_t
cmd_listcrls (assuan_context_t ctx, char *line)
{
@@ -1157,19 +1157,19 @@
}
-/* CACHECERT
-
- Put a certificate into the internal cache. This command might be
- useful if a client knows in advance certificates required for a
- test and wnats to make sure they get added to the internal cache.
- It is also helpful for debugging. To get the actual certificate,
- this command immediately inquires it using
-
- INQUIRE TARGETCERT
-
- and the caller is expected to return the certificate for the
- request as a binary blob.
-*/
+static const char hlp_cachecert[] =
+ "CACHECERT\n"
+ "\n"
+ "Put a certificate into the internal cache. This command might be\n"
+ "useful if a client knows in advance certificates required for a\n"
+ "test and wnats to make sure they get added to the internal cache.\n"
+ "It is also helpful for debugging. To get the actual certificate,\n"
+ "this command immediately inquires it using\n"
+ "\n"
+ " INQUIRE TARGETCERT\n"
+ "\n"
+ "and the caller is expected to return the certificate for the\n"
+ "request as a binary blob.";
static gpg_error_t
cmd_cachecert (assuan_context_t ctx, char *line)
{
@@ -1211,18 +1211,18 @@
}
-/* VALIDATE
-
- Validate a certificate using the certificate validation function
- used internally by dirmngr. This command is only useful for
- debugging. To get the actual certificate, this command immediately
- inquires it using
-
- INQUIRE TARGETCERT
-
- and the caller is expected to return the certificate for the
- request as a binary blob.
-*/
+static const char hlp_validate[] =
+ "VALIDATE\n"
+ "\n"
+ "Validate a certificate using the certificate validation function\n"
+ "used internally by dirmngr. This command is only useful for\n"
+ "debugging. To get the actual certificate, this command immediately\n"
+ "inquires it using\n"
+ "\n"
+ " INQUIRE TARGETCERT\n"
+ "\n"
+ "and the caller is expected to return the certificate for the\n"
+ "request as a binary blob.";
static gpg_error_t
cmd_validate (assuan_context_t ctx, char *line)
{
@@ -1287,17 +1287,18 @@
{
static struct {
const char *name;
- gpg_error_t (*handler)(assuan_context_t, char *line);
+ assuan_handler_t handler;
+ const char * const help;
} table[] = {
- { "LDAPSERVER", cmd_ldapserver },
- { "ISVALID", cmd_isvalid },
- { "CHECKCRL", cmd_checkcrl },
- { "CHECKOCSP", cmd_checkocsp },
- { "LOOKUP", cmd_lookup },
- { "LOADCRL", cmd_loadcrl },
- { "LISTCRLS", cmd_listcrls },
- { "CACHECERT", cmd_cachecert },
- { "VALIDATE", cmd_validate },
+ { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
+ { "ISVALID", cmd_isvalid, hlp_isvalid },
+ { "CHECKCRL", cmd_checkcrl, hlp_checkcrl },
+ { "CHECKOCSP", cmd_checkocsp, hlp_checkocsp },
+ { "LOOKUP", cmd_lookup, hlp_lookup },
+ { "LOADCRL", cmd_loadcrl, hlp_loadcrl },
+ { "LISTCRLS", cmd_listcrls, hlp_listcrls },
+ { "CACHECERT", cmd_cachecert, hlp_cachecert },
+ { "VALIDATE", cmd_validate, hlp_validate },
{ "INPUT", NULL },
{ "OUTPUT", NULL },
{ NULL, NULL }
@@ -1306,7 +1307,8 @@
for (i=j=0; table[i].name; i++)
{
- rc = assuan_register_command (ctx, table[i].name, table[i].handler);
+ rc = assuan_register_command (ctx, table[i].name, table[i].handler,
+ table[i].help);
if (rc)
return rc;
}
More information about the Gnupg-commits
mailing list